itis 1210 introduction to web-based information systems chapter 49 the dangers of spyware and...
TRANSCRIPT
ITIS 1210ITIS 1210Introduction to Web-Based Introduction to Web-Based
Information SystemsInformation Systems
Chapter 49Chapter 49The Dangers of Spyware and PhishingThe Dangers of Spyware and Phishing
SpywareSpyware
Umbrella term for software that “watches” Umbrella term for software that “watches” your surfing activityyour surfing activity
Without your knowledge, reports onWithout your knowledge, reports on Web pages you visitWeb pages you visit Track your Web searchesTrack your Web searches Record keystrokesRecord keystrokes Open a backdoor into your computerOpen a backdoor into your computer
SpywareSpyware
How does it get on your computer?How does it get on your computer? By downloading and installing “free” softwareBy downloading and installing “free” software
Kazaa file-sharing software, for exampleKazaa file-sharing software, for example
Spyware “rides along”Spyware “rides along” Installing what you wanted causes the Installing what you wanted causes the
spyware to be installed as wellspyware to be installed as well
Spyware runs whether or not the installed Spyware runs whether or not the installed application is runningapplication is running
SpywareSpyware
Purpose – generate cashPurpose – generate cash Delivers pop-up adsDelivers pop-up ads
Clicking to close still generates cash for the Clicking to close still generates cash for the ad developerad developer
May even cause a new ad to pop upMay even cause a new ad to pop up
SpywareSpyware
At regular intervals the spyware sends At regular intervals the spyware sends information back to its ownerinformation back to its owner
Information collected and analyzedInformation collected and analyzed Profile about you builtProfile about you built
Ads targeted to you specifically are then Ads targeted to you specifically are then sent to you when you run the program the sent to you when you run the program the spyware came in onspyware came in on
SpywareSpyware
Deleting the original application usually Deleting the original application usually has no effect on the spywarehas no effect on the spyware
Might not be able to deliver ads any more Might not be able to deliver ads any more but it still reports on your activitiesbut it still reports on your activities
Spyware Money TrailSpyware Money Trail
Reputable Web sites or merchants may be Reputable Web sites or merchants may be part of a money trail associated with part of a money trail associated with spywarespyware
User signs up as an User signs up as an affiliateaffiliate Your Web site has a link to someone else’s Your Web site has a link to someone else’s
sitesite They agree to pay you for referralsThey agree to pay you for referrals Examples: Examples: Dell, , Staples, Clickbank, Clickbank
AffiliatesAffiliates
http://www.dishpronto.com/images/affbigban.jpg
Spyware Money TrailSpyware Money Trail
Affiliate signs up and receives an IDAffiliate signs up and receives an ID Some merchants monitor affiliates, some Some merchants monitor affiliates, some
don’tdon’t Spyware commonly follows merchants Spyware commonly follows merchants
who do not do a good job of policing their who do not do a good job of policing their affiliate programsaffiliate programs
Spyware Money TrailSpyware Money Trail
Spyware authors make deals with affiliatesSpyware authors make deals with affiliates Their spyware includes links to the Their spyware includes links to the
affiliate’s real destination and uses their IDaffiliate’s real destination and uses their ID Affiliate includes spyware on their Web Affiliate includes spyware on their Web
site or otherwise distributes itsite or otherwise distributes it Unsuspecting user downloads spywareUnsuspecting user downloads spyware Clicks on linksClicks on links
Spyware Money TrailSpyware Money Trail
Merchant counts clocks and pays affiliateMerchant counts clocks and pays affiliate Affiliate splits income with spyware authorAffiliate splits income with spyware author
Pop-under – variation of a pop-upPop-under – variation of a pop-up Opens a new window hidden under the Opens a new window hidden under the
active windowactive window
Spyware Money TrailSpyware Money Trail
A pop under promoting Gateway, purchased A pop under promoting Gateway, purchased from Direct Revenue by a rogue affiliate.from Direct Revenue by a rogue affiliate.
If a user ultimately makes a purchase from If a user ultimately makes a purchase from Gateway, the pop under causes Gateway to pay Gateway, the pop under causes Gateway to pay commissions to the affiliate, via Commission commissions to the affiliate, via Commission Junction.Junction.
Gateway pays these commissions even though Gateway pays these commissions even though it did not know of or approve the affiliate's it did not know of or approve the affiliate's decision to place advertising with Direct decision to place advertising with Direct Revenue.Revenue.
Notice Gateway pop under (upper left corner, Notice Gateway pop under (upper left corner, within a window labeled "Aurora" -- a Direct within a window labeled "Aurora" -- a Direct Revenue product name).Revenue product name).
How Phishing WorksHow Phishing Works
Phishing attacks appear to be from a Phishing attacks appear to be from a legitimate site but are forgerieslegitimate site but are forgeries
Typically you receive an emailTypically you receive an email Problem with your accountProblem with your account Need to verify your identifyNeed to verify your identify Someone has tried to access your account so Someone has tried to access your account so
you need to verify that everything is still OKyou need to verify that everything is still OK
How Phishing WorksHow Phishing Works
Email looks authenticEmail looks authentic Correct logos and colorsCorrect logos and colors Some links may actually connect to the real Some links may actually connect to the real
sitesite
Click on the link provided (for your Click on the link provided (for your convenience)convenience)
Takes you to a forgery of the real siteTakes you to a forgery of the real site Actually run by phisherActually run by phisher
How Phishing WorksHow Phishing Works
Destination site looks authenticDestination site looks authentic Graphics, design, links ,etc.Graphics, design, links ,etc. Some links may even work properlySome links may even work properly
User logs inUser logs in Phisher now knows username & passwordPhisher now knows username & password
You answer questions or provide You answer questions or provide information directly to the phisherinformation directly to the phisher Credit card informationCredit card information
How Phishing WorksHow Phishing Works
Results?Results? Identify theftIdentify theft Access to your bank accountsAccess to your bank accounts
Examples:Examples: CitibankCitibank eBayeBay IRSIRS
Following the Phishing Money TrailFollowing the Phishing Money Trail
Phishers rarely work alonePhishers rarely work alone Usually part of a larger criminal organizationUsually part of a larger criminal organization Russian MafiaRussian Mafia
Protecting Against SpywareProtecting Against Spyware
New spyware released all the timeNew spyware released all the time New, updated signatures have to be New, updated signatures have to be
constantly downloadedconstantly downloaded Some spyware changes (morphs)Some spyware changes (morphs)
Hard to detectHard to detect Anti-spyware looks for behaviors as well as Anti-spyware looks for behaviors as well as
signaturessignatures
Protecting Against SpywareProtecting Against Spyware
Deleting spyware a complex taskDeleting spyware a complex task Many files may be involvedMany files may be involved Windows Registry might have to be correctedWindows Registry might have to be corrected
May even require a specific program to May even require a specific program to delete some spywaredelete some spyware
Real-time protection availableReal-time protection available Program in memory constantly runningProgram in memory constantly running Watches for spyware installation signsWatches for spyware installation signs
Protecting Against SpywareProtecting Against Spyware
Deleting that program doesn’t delete the Deleting that program doesn’t delete the spywarespyware
Must use a spyware removal toolMust use a spyware removal tool Ad-Aware from www.lavasoft.comAd-Aware from www.lavasoft.com Spy-Bot Search & DestroySpy-Bot Search & Destroy Spyware RemoverSpyware Remover